CVE-2008-6404 – eXtrovert software Thyme 1.3 - 'add_calendars.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-6404
Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
• https://www.exploit-db.com/exploits/32398
• http://www.digitrustgroup.com/advisories/web-application-security-thyme2.html
• http://www.securityfocus.com/bid/31287
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45302
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-0535 – Thyme 1.3 - 'export_to' Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-0535
Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter.
• https://www.exploit-db.com/exploits/8029
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4459 – eXtrovert software Thyme 1.3 - 'pick_users.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4459
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/32342
• http://secunia.com/advisories/31782
• http://www.digitrustgroup.com/advisories/web-application-security-thyme.html
• http://www.securityfocus.com/bid/31063
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44970
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-2621 – Thyme Calendar 1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-2621
SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter.
• https://www.exploit-db.com/exploits/3895
• http://osvdb.org/35971
• http://secunia.com/advisories/25234
• http://www.securityfocus.com/bid/23912
• http://www.vupen.com/english/advisories/2007/1771
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34211
CVE-2006-2117
https://notcve.org/view.php?id=CVE-2006-2117
Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.
• http://secunia.com/advisories/19909
• http://securityreason.com/securityalert/822
• http://www.aria-security.net/portals/thyme
• http://www.attrition.org/pipermail/vim/2006-September/001019.html
• http://www.securityfocus.com/archive/1/432588/100/0/threaded
• http://www.securityfocus.com/bid/17746
• http://www.vupen.com/english/advisories/2006/1602
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26188